Enterprise Data In The Age Of COVID-19: How To Establish Control

As the world enters an indefinite state of quarantine due to COVID-19, remote work has become the new norm. From Slack messages to Zoom meetings, cloud applications have become the lifeblood of business communication — accelerating their adoption rates like never before. Business leaders have had to think fast to keep operations afloat, and for many, rolling out these new technologies has been the key in doing so. 

But rapidly onboarding new tools at such a monstrous scale has created mass amounts of new data to govern. And governing data, even without remote work vulnerabilities, isn’t easy. The systems we stood up so quickly and the data we’re creating now, we may come to find are insecure and unpreserved in a couple of months. But before that happens, there are plenty of measures you can take to prevent this problem — and we’re here to tell you how.

The current situation 

Lucky for us, we can still operate anytime, anywhere with the use of cloud applications like Slack, Office 365, GSuite, Zoom, and more. We can send a message, share a file, or join a call at the drop of a hat. Yet, every time we perform an action within these applications, we produce data. Even under normal circumstances, enterprise data can accumulate fast. Now, take a mandatory quarantine forcing hundreds of thousands of businesses to work remotely? You can pretty much guarantee data production will skyrocket. 

Not only is our data accumulating rapidly, but it’s also accumulating in a ton of different places. From our chat platforms to our file-sharing platforms, to even our personal devices, our information is scattered, leaving it unorganized and undiscoverable. Put simply, it’s already easy for enterprise information to slip through the cracks, but our current situation makes it even easier. 

So what?

The bottom line is that our world went into crisis mode overnight. As a result, businesses may have missed certain configurations from these newer, non-traditional data sources that are vital to compliance and eDiscovery. Now that the dust has settled, it’s time to address any gaps. From future discovery requests to the rising heat of GDPR and CCPA, enterprises need to ensure their data is secure, accessible, and useful now more than ever. There’s no time to slack on due-diligence — the actions enterprises take now, will dictate their ease of data management in the months to come.

Step-by-step: How to establish control over your enterprise data

So how do we stop this runaway train of enterprise data? If you follow the steps below, you’ll be well on your way to securing, organizing, and finding the data you need amongst your newly adopted collaboration tools. Let’s get started:

1. Assemble the right team

The first step in tackling this initiative is assembling the right team. When managing this new surge of enterprise data, you’ll need a fair mix of IT and legal folks to create your “COVID-19 task force.” Recruit team members you know will be responsible owners of your new data sources throughout this time and beyond. These are the people who will act as liaisons between support teams and legal teams, ask the right questions, build processes, and assess the solutions that will make your tech stack enterprise-ready.

2. Outline security policies

To ensure your employees are using their new collaboration tools with security in mind, you’ll want to outline a company security policy. These are simply guidelines on how to use these tools within company security standards. Some guidelines might include how login credentials are shared, how sensitive information like PII is shared, password strength, and setting up two-factor authentication. Some tools are more vulnerable to security threats than others, so making sure employees understand these vulnerabilities is critical. If you already have a security policy outlined — great! As a next step, we recommend hosting a company-wide security training on all of your new tools to mitigate risk and make sure everyone’s on the same page.

3. Get to know user permissions

Different tools have different user permissions, and your new data sources are no exception. Whether you’re an admin, a super user, a member or a guest, each tool has their own take on user titles and the permissions they’re granted. Understanding what each user permission means from the get-go is key to understanding who has access to what. Not only is this important for efficiency’s sake, but it’s also crucial to data loss prevention (DLP), combating security breaches, and is a compliance must-have. When it comes to company-wide collaboration tools, responsible IT teams follow the Principle of Least Privilege, or only giving users the access they need to do their job. This reduces a company’s risk of compromising sensitive data, and is a good rule of thumb when it comes to user permissions.

4. Understand retention settings

Depending on the tool, there will be different default settings for data retention. Retention periods can last anywhere from five minutes to five years, so you’ll want to address this area as soon as possible to ensure it’s aligned with your company’s data retention best practices. With the surge of data being created, it’s important to outline the criteria for data to be preserved, archived, and deleted. Whether retention criteria is based on the age of the data (ex. five years old), the type of data (ex. Microsoft Teams messages), or a mixture of both, make sure it’s being enforced within your new tools to prevent data loss and compliance issues.

5. Understand data dynamics

Cloud collaboration tools have countless unique capabilities, therefore, they have unique data. When you think about everything you can do in Slack for example, there’s a lot to unpack: direct messages, channels, threads, file sharing, emojis, edits and deletes, and so much more. Typically, the more unique tools’ capabilities are, the more complex their dataset is to process and search across. However, by learning the ins and outs of your new tools now, you’ll be able to gauge how hard it is to find the information you need. You may come to find that you need to connect to Slack’s APIs for example, or outsource help for processing and search, but it’s better to find out now than six months down the line. 

6. Set up an eDiscovery plan

The data your company is creating at the moment could be relevant to an eDiscovery request in the coming years or even months. To make sure you’re prepared for what can be a tedious and expensive process, it’s a good idea to begin exploring the eDiscovery options your new collaboration tools offer. Don’t be surprised if a few fall short in the EDRM process, or require extra steps to process all that complex data we talked about previously. Luckily, there are plenty of eDiscovery softwares for new collaboration tools. Whether it’s Slack eDiscovery or Box eDiscovery, we recommend choosing the solution that’s compatible with most of your tech stack. This way, you’ll save time and money, and you’ll feel confident knowing you can collect from your new data sources when the time inevitably comes.

These steps toward enterprise data control may take time, but they’re time well spent. By doubling down on your preservation, security, and eDiscovery efforts now, you’ll feel more in control of your data throughout this tumultuous time, and come out on the other side better than before. 

About Onna

Onna is a data integration platform that centralizes enterprise information from today’s most popular emerging cloud apps. Built with a powerful API infrastructure, we help some of the biggest names in tech secure, access, and search across their information in an easy, streamlined way. Search across multiple apps at once, personalize retention policies, set compliance actions, collaborate in workspaces, export data into the review platform of your choice, and so much more. Once connected to Onna, your data is limitless.

If your organization has recently onboarded new cloud applications, we’re here to help you gain control and access of your data. Download our eDiscovery Guide for Emerging Applications to learn more or go ahead and contact us!